CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33179
https://notcve.org/view.php?id=CVE-2022-33179
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. Una vulnerabilidad en Brocade Fabric OS CLI versiones anteriores a Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c y 7.4.2j, podría permitir a un usuario local autenticado salir de shells restringidos con "set context" y escalar privilegios • https://security.netapp.com/advisory/ntap-20230127-0004 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28169
https://notcve.org/view.php?id=CVE-2022-28169
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. Brocade Webtools en versiones de Brocade Fabric OS anteriores a v9.1.1, v9.0.1e y v8.2.3c podrían permitir que un usuario de webtools poco privilegiado obtuviera derechos de administrador elevados, o privilegios, más allá de lo previsto o autorizado para ese usuario. Al explotar esta vulnerabilidad, un usuario cuyo rol no es de administrador puede crear un nuevo usuario con rol de administrador usando el identificador de sesión del operador. • https://security.netapp.com/advisory/ntap-20230127-0001 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2075 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27798
https://notcve.org/view.php?id=CVE-2021-27798
A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report Una vulnerabilidad en Brocade Fabric OS versiones v7.4.1b y v7.3.1d, podría permitir a usuarios locales conducir un salto de directorio privilegiado. Brocade Fabric OS versiones v7.4.1.x y v7.3.x, han llegado al final de su vida útil. Los usuarios de Brocade Fabric OS deben actualizarse a versiones soportadas, tal y como es descrito en el Informe de Publicación de Fin de Vida del Producto • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2012 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-4197 – kernel: cgroup: Use open-time creds and namespace for migration perm checks
https://notcve.org/view.php?id=CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Se encontró un fallo de escritura no privilegiado en el manejador de archivos en el subsistema de grupos de control y espacios de nombres del kernel de Linux en la forma en que los usuarios presentan acceso a algunos procesos menos privilegiados que son controlados por cgroups y presentan procesos padres con mayores privilegios. En realidad se trata de las versiones cgroup2 y cgroup1 de los grupos de control. • https://bugzilla.redhat.com/show_bug.cgi?id=2035652 https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T https://security.netapp.com/advisory/ntap-20220602-0006 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/2022/dsa-5173 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-4197 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15388
https://notcve.org/view.php?id=CVE-2020-15388
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. Una vulnerabilidad en Brocade Fabric OS antes de Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4 y v7.4.2h podría permitir a un usuario autenticado de la CLI abusar del comando history para escribir contenido arbitrario en archivos • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1493 •